Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More 

Overview 

Cyble Research & Intelligence Labs (CRIL) has shared new details about weekly industrial control systems (ICS) vulnerabilities. These vulnerabilities were disclosed in advisories issued by the Cybersecurity and Infrastructure Security Agency (CISA) from October 15 to October 21, 2024. The report outlines critical security concerns affecting various vendors and highlights the urgency for organizations to address these vulnerabilities promptly.

During the reporting period, CISA released seven security advisories targeting ICS, which collectively identified 13 distinct vulnerabilities across several companies, including Siemens, Schneider Electric, Elvaco, Mitsubishi Electric, HMS Networks, Kieback&Peter, and LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME. Notably, Elvaco disclosed four vulnerabilities, while Kieback&Peter reported three.  

Among the highlighted vulnerabilities, particular attention is drawn to those affecting the Elvaco CMe3100 and Kieback&Peter DDC4000 Series. The Elvaco CMe3100 is a compact and intelligent communication gateway designed to remotely read energy meters. Cyble’s ODIN scanner has identified 1,186 instances of the CMe3100 exposed to the internet, with a large concentration of these devices in Sweden.  

The Kieback&Peter DDC4000 Series comprises digital controllers utilized primarily in building automation systems for HVAC (heating, ventilation, and air conditioning) management. The scanner detected eight instances of these controllers that require urgent attention. 

Vulnerability Overview 

The vulnerabilities reported by Cyble Research & Intelligence Labs (CRIL) provide critical insights for organizations aiming to prioritize their patching efforts.   

CVE-2024-3506: Among the key vulnerabilities identified, CVE-2024-3506 affects Siemens’ Siveillance Video Camera, with all versions prior to V13.2 vulnerable to a medium-severity classic buffer overflow, impacting physical access control systems and CCTV.   

CVE-2023-8531: Schneider Electric’s Data Center Expert, specifically versions 8.1.1.3 and prior, is susceptible to CVE-2023-8531, which involves high-severity improper verification of cryptographic signatures, affecting control systems such as DCS, SCADA, and BMS.  

CVE-2024-49396 and CVE-2024-49398: Elvaco’s CMe3100, version 1.12.1, is affected by multiple vulnerabilities, including CVE-2024-49396 (insufficiently protected credentials) and CVE-2024-49398 (unrestricted upload of files with dangerous types). These are classified as high and critical severity, respectively, and pose risks to gateway and remote access systems.

CVE-2024-41717: Kieback&Peter’s DDC4002 and related versions are affected by CVE-2024-41717, which presents a critical path traversal vulnerability impacting field controllers and IoT devices.   

CISA’s recent advisories reveal a predominance of such high-severity vulnerabilities within the ICS sector, highlighting the need for organizations to remain vigilant and implement effective mitigation strategies in response to these emerging threats. 

Recommendations for Mitigation 

Cyble emphasizes several key recommendations to enhance organizational cybersecurity: 


Organizations should closely track security advisories and alerts issued by vendors and relevant authorities to stay informed about potential vulnerabilities. 


Implement a risk-based vulnerability management strategy to minimize the likelihood of exploitation, while adopting a Zero-Trust security framework. 


Threat intelligence analysts should play a crucial role in the patch management process by continuously monitoring critical vulnerabilities identified in the CISA’s Known Exploited Vulnerabilities (KEV) catalog. 


Develop a better patch management strategy that encompasses inventory management, assessment, testing, deployment, and verification of patches. Automation of these processes can enhance efficiency and consistency.


Effective network segmentation is essential to limit attackers’ ability to move laterally within critical environments. 


Regular audits, vulnerability assessments, and penetration testing exercises are critical for identifying and addressing security gaps. 


Establishing ongoing monitoring and logging capabilities allows for early detection of network anomalies and potential threats. 


Leveraging Software Bill of Materials (SBOM) can improve visibility into the components and libraries in use, along with their associated vulnerabilities. 

Conclusion 

The ICS vulnerability report highlights the pressing need for organizations to address the high-severity vulnerabilities identified by the Cybersecurity and Infrastructure Security Agency.

With significant risks affecting major vendors like Siemens and Schneider Electric, it is crucial for businesses to adopt proactive measures, including patch management strategies and effective network segmentation.  

By staying vigilant and responsive to these vulnerabilities, organizations can better protect their critical infrastructure and enhance their overall cybersecurity posture. 

The post Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More  appeared first on Cyble.
